[unedited from my drafts folder...] Hello Stojce,
> 1) after serving the request need full read-only access to
> request/response (status,header,content)

It's no problem to make a deep copy of the request and response objects with request/status line and headers. Content needs to be buffered, so if you've got the memory or a fast external storage to keep the copies...

> 2) make it work through ssl but would have to 'see' the request/response
> 'in clear'

That's called a man-in-the-middle attack. If you and the users of your proxy don't care about security, it can be done. The proxy has to intercept/buffer CONNECT requests, which precede the SSL handshake. Then the proxy provides the SSL server socket, which would normally be done by the target server. Of course the proxy doesn't have the target server certificate, it has to use a self-signed certificate. Your users have to import/accept that proxy certificate. It will be tricky to manage the different SSL connections your proxy will have to maintain with the target servers for the different users. If SSL with client authentication is used, you're finally out of luck.

> If I use 'NHttpServer.java' of 'module-nio' as a starting point and
> modify the 'service' method to proxy the request to the destination, do
> you think is a right direction ?

I can't tell you about NIO. Modifying a default server implementation is the right way to go. Make sure you know about the different headers that have to be modified, must not be modified, or must not be forwarded by a proxy. Even a transparent, non-caching proxy is pretty tricky.

> Is it possible to implement also ssl part this way so that for proxy is
> transparent ?

With the exception of the certificate, see above. If it was possible to intercept TLS/SSL communication transparently, a bunch of security experts would be jumping left, right and center to fix the hole.

cheers, Roland
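
Added example, not part of the message above and not HttpCore code: a JDK-only sketch of the three header classes the reply mentions, using the hop-by-hop list from RFC 2616 section 13.5.1. The class name, method name, proxy pseudonym "demo-proxy" and the sample headers are assumptions made up for illustration.

```java
import java.util.*;

public class ProxyHeaderFilter {
    // Hop-by-hop headers from RFC 2616 section 13.5.1: never forwarded by a proxy.
    private static final Set<String> HOP_BY_HOP = new HashSet<>(Arrays.asList(
        "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
        "te", "trailers", "transfer-encoding", "upgrade"));

    // Input: ordered {name, value} pairs. proxyName is a hypothetical pseudonym for Via.
    static List<String[]> forForwarding(List<String[]> in, String proxyName) {
        // Headers named as tokens in Connection are hop-by-hop for this message too.
        Set<String> drop = new HashSet<>(HOP_BY_HOP);
        for (String[] h : in) {
            if (!h[0].equalsIgnoreCase("Connection")) continue;
            for (String token : h[1].split(",")) {
                String t = token.trim().toLowerCase(Locale.ROOT);
                if (!t.isEmpty()) drop.add(t);
            }
        }
        List<String[]> out = new ArrayList<>();
        String via = null;
        for (String[] h : in) {
            String name = h[0].toLowerCase(Locale.ROOT);
            if (drop.contains(name)) continue;        // must not be forwarded
            if (name.equals("via")) {                 // has to be modified: extended below
                via = (via == null) ? h[1] : via + ", " + h[1];
                continue;
            }
            out.add(h);                               // end-to-end: passed on unmodified
        }
        String self = "1.1 " + proxyName;
        out.add(new String[] {"Via", via == null ? self : via + ", " + self});
        return out;
    }

    public static void main(String[] args) {
        List<String[]> in = Arrays.asList(            // constructed sample request headers
            new String[] {"Host", "example.org"},
            new String[] {"Connection", "keep-alive, X-Session-Hint"},
            new String[] {"Keep-Alive", "timeout=5"},
            new String[] {"X-Session-Hint", "abc"},
            new String[] {"Proxy-Authorization", "Basic constructed-value"},
            new String[] {"Via", "1.0 edge"},
            new String[] {"Accept", "text/html"});
        for (String[] h : forForwarding(in, "demo-proxy")) {
            System.out.println(h[0] + ": " + h[1]);
        }
    }
}
```

Because Transfer-Encoding is dropped, the proxy has to frame the message body itself on the outgoing connection rather than relaying the incoming framing.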
